Bonus points for rfc 2136, works easily with [external-dns](https://github.com/kubernetes-sigs/external-dns). I've been using k8s+external-dns on-prem with a selfhosted minimal BIND server on a public host for years now.
Thanks — external-dns + RFC 2136 is a great call. Honestly that's a
guide we should write; we already have one for fleet operations and the
k8s pattern is the natural extension.